Blockchains, the basis of the Bitcoin currency, can be used to enhance the security, privacy and manageability of IoT devices and networks, it’s claimed.
Paul Fremantle, at the University of Portsmouth’s School of Computing, analysed 55 systems for managing the Internet of Things (IoT), and found most had no support for security or privacy, and few systems had robust controls. This means the IoT is increasingly vulnerable to cyber-attacks, as shown last year when IoT devices were taken over and used to attack the US internet, bringing down many systems.
Paul said: “The IoT is all about connecting devices to a network and enabling them to collect and share data. It can include anything from household objects like thermostats, light switches, doorbells and fridges to toys, cars and medical devices. It’s a real concern that we’re buying these devices without thinking of the consequences. For example when you buy a fitness tracker it’s hard-coded to the company that sold it. If their network isn’t secure then your data isn’t secure.
“Some of these smart devices can access incredibly rich data. Google Nest knows what room a person is in and whether they’re asleep or awake. Monitors inside some of the latest cars can tell if a driver is male or female, or even whether the driver is pregnant. There aren’t really strong incentives for manufacturers to update their systems to keep you safe, so you can easily be attacked personally – the brakes of your car could be hit while you’re driving it – or your things could be taken over to attack something else.
“The first time the digital world affected the physical world was when a worm that became known as Stuxnet attacked a nuclear plant in Iran. This virus physically destroyed nuclear centrifuges which were separating different types of uranium. This was back in 2010, and now that virus is available to malware authors. It’s quite frightening that there is a steady growth of the number of devices connected to the internet, but the lack of security remains a big concern. The only true privacy control a user has is often just to completely disable a device.”
Paul proposes a model using blockchains, a method of recording data – a digital ledger of transactions, agreements, contracts – distributed across several, hundreds or even thousands of computers.
He said: “Blockchains create a shared governance. They create an environment for IoT networks where there can be trust, anonymity and effective contracts between parties without any single vendor being in charge, and without requiring any party to be trusted above another.”
Paul’s paper was published at an international conference on Internet of Things, Big Data and Security in Porto, Portugal.
